Troubleshooting the Initial Configuration
To troubleshoot the initial configuration, see the following sections:
Initial Configuration Does Not Work
Problem: The initial configuration does not work.
Solution: To resolve this problem, follow these steps:
1. Make sure that you can access the device from Cisco Configuration Engine and you can access Cisco Configuration Engine from the device. Use the ping command to validate connectivity.
2. Make sure that the device agent is enabled. In router configuration mode, enter cns?. If the cns command list is displayed, the device agent is enabled. If the device agent is not enabled, this command fails.
3. Make sure that the Cisco Configuration Engine is set up properly. Cisco Configuration Engine is set up in either crypto or plaintext mode. Make sure that the device set up and the Cisco Configuration Engine set up are consistent.
4. Make sure that the system processes are running properly. Enter the following on the Cisco Configuration Engine server:
- To verify that all TibGates are up, enter the following command:
/etc/rc.d/init.d/EvtGateway status /etc/rc.d/init.d/EvtGateway status
Note: For information about TibGate event gateway ports, see the “Scalability Among Event Gateway Ports” chapter in the Cisco Configuration Engine Installation and Configuration Guide, 3.5.
- To verify that httpd is up, enter the following command:
- To verify that the Java process is up, enter the following command:
ps –ef | grep –i java | grep ConfigEngine
5. Check the object status for the device in Cisco Configuration Engine. If the status is green, the Cisco Configuration Engine and the device are connected. If the status is red, verify that the Event ID and Config ID match with what is defined on the device. From the Cisco Configuration Engine user interface, do the following:
a. Choose Devices > Edit Device. The Edit Device page appears with a Groups list.
b. From the Groups list, choose the group that contains the device, then click the icon for the device.
c. From the left pane, choose Edit Information. The Enter Device Information page appears.
d. Click Next. The Select Group Membership page appears.
e. Click Next. The Device IDs page appears.
f. Verify that the Event ID matches with what is defined on the router.
6. Verify the agent set up on the device.
In non-configuration mode, enter the show run command to display the agent settings that are running. Then verify the following:
ip host <ce_host.domain_name> <ce_ipaddress> cns trusted-server <ce_host.domain> cns trusted-server all-agents <ce_host.domain_name> cns id string <ce_ipaddress> cns id string <ce_ipaddress> event cns event <ce_ipaddress> <event-gateway port> cns config init <ce_ipaddress> cns exec
7. If the authentication feature is enabled in Cisco Configuration Engine, make sure that the device password (cns password <password string>), matches with what is defined in the Cisco Configuration Engine user interface.
Note: You cannot see the password setting after you have configured it on the router, nor can you edit the password in Cisco Configuration Engine. Therefore, you must reset the password. To reset the password, use the resync device feature in Cisco Configuration Engine.
8. If you have tried all of the preceding steps but the initial configuration still does not work, use the debug cns config all command to enable debugging on the agent. Analyze the output to verify that the agent is set up correctly with proper connectivity.
9. If the initial configuration still does not work, reboot the device.
Log Files to Monitor Event Traffic and Cisco Configuration Engine Process Status
Use the following log files to monitor event traffic and Cisco Configuration Engine process status:
* /var/log/CNSCE/cfgsrv/cfgsrv.log, error.log—Check the cfgsrv log file when the config agent is enabled and initial configuration is issued on the device. * /var/log/CNSCE/evtgateway/TibGateLog-<port>—Check the TibGate log file when the event agent is enabled on the device. * /var/log/httpd/*.log, /var/log/CNSCE/tomcat/*.out, *.txt, *.log—Check the Apache and Tomcat log files to make sure that the web server is running properly. * /var/log/CNSCE/appliance-setup.log—Check the setup log file for Cisco Configure Engine setup, especially in crypto setup mode. * /var/log/CNSCE/websvc—Check the web service log file to see whether the application programming interface (API) is invoked.